<?php
session_start();
/*
 * Session variables:
 * $_SESSION['type'] [string] = user type of the logged in user
 * $_SESSION['authorised'] [boolean] = whether or not the current user is logged in
 * $_SESSION['account_type'][string]= user type of the account currently being created
 * $_SESSION['account_name'] [string] = username or email of the account currently being created
 * $_SESSION['create_firstname'] [string]= firstname of the account currently being created
 * $_SESSION['password'][string]= password of the account currently being created 
 */

if(isset($_SESSION['authorised']) && $_SESSION['authorised'] == true)
{   
    if(isset($_SESSION['type']))
    {
        if($_SESSION['type'] == 'administrator')
        {
			$lastname=strtoupper(addslashes(pg_escape_string($_POST['last_name'])));
			$firstname=strtoupper(addslashes(pg_escape_string($_POST['first_name'])));
			$middlename=strtoupper(addslashes(pg_escape_string($_POST['middle_name'])));
			$username= $_POST['email'];
			$address1=strtoupper(addslashes(pg_escape_string($_POST['street_add1'])));
			$address2=strtoupper(addslashes(pg_escape_string($_POST['street_add2'])));
			$city=strtoupper(addslashes(pg_escape_string($_POST['city_add'])));
			$gender=strtoupper(addslashes(pg_escape_string($_POST['gender'])));
			$birthday=addslashes(pg_escape_string($_POST['birthday']));
			$birthmonth=strtoupper(addslashes(pg_escape_string($_POST['birthmonth'])));
			$birthyear=addslashes(pg_escape_string($_POST['birthyear']));
			$contact_num=addslashes(pg_escape_string($_POST['contact_num']));
			$password=addslashes(pg_escape_string($_POST['pass1']));
			$acctype=strtolower(addslashes(pg_escape_string($_POST['accType'])));
            
			if($lastname=='' || $firstname=='' || $middlename=='' || $username=='' || $address1=='' || $address2=='' || $city=='' || $birthday=='' || $birthmonth=='' || $contact_num ==''|| $password=='')
			{
				$_SESSION['error']='Error in creating account. Put information in all fields.';
				header('Location:admin_alert.php');
                exit();
			}
            include('connection.inc');
            $sql = "SELECT * FROM users where username='$username'";
            $result = pg_query($sql);
            
            $count = pg_num_rows($result);
            
            if($count >= 1)
            {
                $_SESSION['error']='Username already exists';
                header('Location:admin_alert.php');
                exit();
            }
            else
            {
                $sql="INSERT INTO users (username, password, usertype, lastname, firstname, middlename, streetAdd1, streetAdd2, cityAdd, contactNum, gender, birthday) VALUES ('$username','$password', '$acctype', '$lastname','$firstname','$middlename', '$address1','$address2','$city','$contact_num','$gender', to_date('$birthday $birthmonth $birthyear', 'DD MON YYYY') )";
				$result=pg_query($sql);
				$_SESSION['account_name']=$username;
				$_SESSION['account_type']=$acctype;
				$_SESSION['create_firstname']=$firstname;
				$_SESSION['password']=$password;
          
                if($acctype=='student')
				{
					header('Location: admin_create_student.php');
					exit();
				}
				elseif($acctype=='parent')
				{
					$sql1="INSERT INTO parents (username) values ('$username')";
					$result=pg_query($sql1);
					header('Location: admin_emailcreateaccount.php');
					exit();
					
				}
				elseif($acctype=='tutor')
				{
					header('Location: admin_create_tutor.php');
					exit();
				}
            }
        }
        elseif($_SESSION['type'] == 'student')
        {
            header('Location: student_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'tutor')
        {
            header('Location: tutor_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'parent')
        {
            header('Location: parent_index.php');
            exit();
        }
    }
}
else
{
    header('Location: index.php');
}
?>
